CentOS Linux Kernel Update 2.6.32-431.5.1 Released

Resolved CVEs:

CVE-2013-2929
CVE-2013-6381
CVE-2013-7263
CVE-2013-7265

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel’s QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
‘fs.suid_dumpable’ was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* It was found that certain protocol handlers in the Linux kernel’s
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

Updating the Kernel

You can either initiate a full yum update:

yum update

Alternatively, just update the kernel packages:

yum update "kernel-*"

As this update has just been released, your preferred CentOS yum mirror may not have the update yet. In this case, you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run:
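The script below is an added example and is not part of the CentOS Blog post or of the CentOS project's own tooling. It compares the running kernel and the newest installed kernel package against the advisory kernel 2.6.32-431.5.1 and reports whether the update is still missing or only a reboot is outstanding; a host that has installed the new kernel package but not yet rebooted is still running the vulnerable code, which a plain "yum update" does not make obvious. The function names kernel_fields, kernel_older_than and kernel_status are this example's own; the uname and rpm invocations in the usage comment are standard commands, assumed here rather than taken from the post.

```shell
#!/bin/sh
# Added example (not from the CentOS Blog post): decide whether a CentOS 6
# host still needs the 2.6.32-431.5.1 kernel, or just a reboot into it.

ADVISORY_KERNEL="2.6.32-431.5.1.el6"   # kernel version named in the advisory

# Normalise a RHEL/CentOS kernel version such as "2.6.32-358.23.2.el6.x86_64"
# into space-separated numeric fields ("2 6 32 358 23 2"); the ".elN" and
# architecture suffix carry no ordering information and are dropped.
kernel_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9].*$//' -e 's/[.-]/ /g'
}

# Exit 0 (true) if kernel $1 is strictly older than kernel $2, else exit 1.
# Fields are compared numerically, left to right; missing fields count as 0.
kernel_older_than() {
    a=$(kernel_fields "$1")
    b=$(kernel_fields "$2")
    awk -v a="$a" -v b="$b" 'BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0   # a is older
            if (xi > yi) exit 1   # a is newer
        }
        exit 1                    # equal: not older
    }'
}

# Print one of: update-needed, reboot-needed, up-to-date.
#   $1: running kernel (output of uname -r)
#   $2: newest installed kernel package version-release
kernel_status() {
    running=$1
    installed=$2
    if kernel_older_than "$installed" "$ADVISORY_KERNEL"; then
        echo "update-needed"          # package from the advisory not installed
    elif kernel_older_than "$running" "$installed"; then
        echo "reboot-needed"          # installed, but the old kernel is still running
    else
        echo "up-to-date"
    fi
}

# Real-host usage (assumed, not from the post; sort -V is GNU coreutils):
#   kernel_status "$(uname -r)" \
#       "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | sort -V | tail -n 1)"
```

The "reboot-needed" case is the one worth alerting on in fleet monitoring: the package database says the fix is present, but the loaded kernel is still the one with the qeth_snmp_command() and recvmsg flaws until the host reboots.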


“CentOS Blog” (www.centosblog.com) is a community page, and is in no way affiliated or endorsed by RedHat or the CentOS Project.
Any product names, logos, brands, and other trademarks or images featured or referred to within the CentOS Blog website are the property of their respective trademark holders. These trademark holders are not affiliated with CentOS Blog, our products, or our websites. They do not sponsor or endorse CentOS Blog or any of our online products.